httpd-users mailing list archives

From Tim Rohrer <...@itstechnical.net>
Subject [users@httpd] Configuration issues leading to mod_security alerts?
Date Mon, 26 May 2014 18:30:57 GMT
Hello!

I have a system set up where I use a reverse proxy (Apache/2.4.7 (Ubuntu 14.04LTS)) to reach
a content server (Apache/2.2.22 (Ubuntu 12.04LTS)). The content server is providing a WordPress
(latest version) site. Two domains point to the external IP and the proxy server passes them
to the content server as either 80 or 443 traffic. On the backend, a redirection occurs for
all 80 traffic to 443, which has a 3rd party cert.

The reverse proxy is also providing caching.  The site seems to be working.

I then installed mod_security from the Ubuntu package libapache2-modsecurity, which I understand
to be ver 2.7.7-2, downloaded the CRS and turned it on with DetectionOnly.

However, every time the site is accessed, I get a significant number of alerts. And a significant
number of these seem related to cache (specifically Cache-Control Response Header Missing),
headers (Content-Type Headers missing), and cookies. Some include the tag of “MISCONFIGURATION”.

I’ve been reading how to scrub these for false-positives, but the number of them right now
makes me think I may have a configuration screwup, and I want to rule that out before I start
turning off rules.

I don’t want to indiscriminately dump logs or config files here but will provide what others
think is most valid.

Thanks in advance for any help getting pointed in the right direction.

Tim



